How to create Kafka Kerberos Java consumer

Suppose that you need to create Kafka Java consumer with Kerberos. The code will be:

public KafkaConsumer<String, String> createKafkaKerberosConsumer(String groupID) {
    Properties props = new Properties();
    props.put(ConsumerConfig.BOOTSTRAP_SERVERS_CONFIG, "localhost:3991");
    props.put(ConsumerConfig.GROUP_ID_CONFIG, groupID);
    props.put(CommonClientConfigs.SECURITY_PROTOCOL_CONFIG, "SASL_PLAINTEXT");
    props.put(SaslConfigs.SASL_KERBEROS_SERVICE_NAME, "HTTP");
    props.put(SaslConfigs.SASL_JAAS_CONFIG, kafkaJaasConfiguration());
    props.put(ConsumerConfig.KEY_DESERIALIZER_CLASS_CONFIG, StringDeserializer.class.getName());
    props.put(ConsumerConfig.VALUE_DESERIALIZER_CLASS_CONFIG, StringDeserializer.class.getName());
    return new KafkaConsumer<String, String>(props);
}

private String kafkaJaasConfiguration() {
    return "com.sun.security.auth.module.Krb5LoginModule required " +
            "useKeyTab=true " +
            "keyTab=\"/path/to/keytab/name.keytab\" " +
            "storeKey=false " +
            "debug=false " +
            "principal=\"userprincipal@REALM\";";
}

You don’t need to specify java.security.auth.login.config Java property, because we set SaslConfigs.SASL_JAAS_CONFIG property directly to the consumer.

You just need to made changes in kafkaJaasConfiguration() method that necessary for your Kerberos configuration.

If you still have any questions, feel free to ask me in the comments under this article, or write me on promark33@gmail.com.

Leave a Reply

Your email address will not be published.